----

Securing Spring Web Services: Chapter4

Configuring Validation and Securement properties to Secure Web Service


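1.       To secure our web service requests and responses, we need to configure the validation and securement properties of Wss4jSecurityInterceptor in spring-ws-servlet.xml. Validation properties apply to incoming messages and securement properties to outgoing ones. Because only the Encrypt action is configured, this protects the confidentiality of the messages; it does not by itself identify or authenticate the sender. This configuration will do the following:
a.       Decrypt the incoming encrypted request, and
b.      Encrypt the outgoing response.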

<?xml version="1.0" encoding="UTF-8"?>
<!--
  Spring-WS servlet context for the bookstore service.
  Publishes a WSDL built from WEB-INF/bookstore.xsd and registers a
  Wss4jSecurityInterceptor that decrypts incoming requests and encrypts
  outgoing responses.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:sws="http://www.springframework.org/schema/web-services"
       xmlns:context="http://www.springframework.org/schema/context"
       xsi:schemaLocation="
           http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
           http://www.springframework.org/schema/context
           http://www.springframework.org/schema/context/spring-context-3.0.xsd
           http://www.springframework.org/schema/web-services
           http://www.springframework.org/schema/web-services/web-services-2.0.xsd">

  <!-- Annotation-driven endpoint handling; component-scan the two application packages. -->
  <sws:annotation-driven/>
  <context:component-scan base-package="com.bookstore.core,com.bookstore.endpoints"/>

  <!--
    WSDL generated from the XSD. locationUri is the service address written
    into the WSDL; here it is plain http on localhost, so the transport adds
    no protection and only the WS-Security processing below applies.
  -->
  <sws:dynamic-wsdl id="bookstore"
                    portTypeName="BookStoreInterface"
                    locationUri="http://localhost:8080/bookstore-web-service/services"
                    targetNamespace="http://www.bookstore.com/schema">
    <sws:xsd location="WEB-INF/bookstore.xsd"/>
  </sws:dynamic-wsdl>

  <bean id="wss4jSecurityInterceptor"
        class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">

    <!--
      Incoming messages: the only validation action is Encrypt, so requests
      are decrypted with the private key from the "keystore" bean.
      NOTE(review): no Signature, Timestamp or UsernameToken action is
      listed, so nothing here authenticates the sender or limits replay of
      a captured request. Add those actions if the service needs them.
    -->
    <property name="validationActions" value="Encrypt"/>
    <property name="validationDecryptionCrypto" ref="keystore"/>
    <property name="validationCallbackHandler">
      <bean class="org.springframework.ws.soap.security.wss4j.callback.KeyStoreCallbackHandler">
        <!--
          Password that unlocks the private key used for decryption.
          NOTE(review): literal secret in a configuration file, and the same
          value as the keystore password below. Acceptable for a local demo
          only; otherwise supply it from outside the deployed artifact.
        -->
        <property name="privateKeyPassword" value="server12345"/>
      </bean>
    </property>

    <!--
      Outgoing messages: responses are encrypted for the certificate stored
      under the alias given in securementEncryptionUser (presumably the
      imported client certificate; confirm against the keystore contents).
    -->
    <property name="securementActions" value="Encrypt"/>
    <property name="securementEncryptionUser" value="bookstore-client-import"/>
    <property name="securementEncryptionCrypto" ref="keystore"/>
  </bean>

  <!--
    Crypto backed by the server's JKS keystore; used for both decryption and
    encryption above.
    NOTE(review): the keystore password is a literal value in this file.
    Keep it out of version control for real deployments and restrict read
    access to the .jks file.
  -->
  <bean id="keystore"
        class="org.springframework.ws.soap.security.wss4j.support.CryptoFactoryBean">
    <property name="keyStorePassword" value="server12345"/>
    <property name="keyStoreLocation" value="WEB-INF/bookstore-server-keystore.jks"/>
  </bean>

  <!-- Apply the security interceptor to the service endpoints. -->
  <sws:interceptors>
    <ref bean="wss4jSecurityInterceptor"/>
  </sws:interceptors>
</beans>

2.       Update pom.xml under the WEB-INF directory to include the Spring Web Services security dependencies. An important point to note here is that spring-ws-security depends on the Sun Java Streaming XML Parser (sjsxp), so it has to be added as a dependency.
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Maven build for the bookstore-web-service WAR.
  NOTE(review): every version below is pinned as in the original tutorial
  and these are old releases. Before reusing this POM, check each artifact
  for a currently supported release and for published security advisories.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
  <modelVersion>4.0.0</modelVersion>

  <!-- Project coordinates; packaged as a WAR for deployment to a servlet container. -->
  <groupId>com.bookstore</groupId>
  <artifactId>bookstore-web-service</artifactId>
  <packaging>war</packaging>
  <version>1.0-SNAPSHOT</version>
  <name>bookstore-web-service Spring-WS Application</name>
  <url>http://www.springframework.org/spring-ws</url>

  <build>
    <!-- Produces bookstore-web-service.war regardless of the project version. -->
    <finalName>bookstore-web-service</finalName>
    <plugins>
      <!-- Compile for Java 1.5 source and bytecode level; no plugin version is pinned here. -->
      <plugin>
        <artifactId>maven-compiler-plugin</artifactId>
        <configuration>
          <source>1.5</source>
          <target>1.5</target>
        </configuration>
      </plugin>
      <!-- Tomcat plugin for the Maven build. -->
      <plugin>
        <groupId>org.codehaus.mojo</groupId>
        <artifactId>tomcat-maven-plugin</artifactId>
        <version>1.1</version>
      </plugin>
    </plugins>
  </build>

  <dependencies>
    <!-- Spring Web Services core. -->
    <dependency>
      <groupId>org.springframework.ws</groupId>
      <artifactId>spring-ws-core</artifactId>
      <version>2.1.2.RELEASE</version>
    </dependency>
    <!-- Sun Java Streaming XML Parser, declared explicitly because spring-ws-security needs it. -->
    <dependency>
      <groupId>com.sun.xml.stream</groupId>
      <artifactId>sjsxp</artifactId>
      <version>1.0.2</version>
    </dependency>
    <!-- WS-Security support; provides the Wss4jSecurityInterceptor used in spring-ws-servlet.xml. -->
    <dependency>
      <groupId>org.springframework.ws</groupId>
      <artifactId>spring-ws-security</artifactId>
      <version>2.1.2.RELEASE</version>
    </dependency>
  </dependencies>
</project>

3.       Build the project using mvn clean package, deploy bookstore-web-service.war to Tomcat, and make sure that you can access the WSDL from the browser at http://localhost:8080/bookstore-web-service/services/bookstore.wsdl
